This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+9 more
Affected surfaces
Summary
AI summaryUpdates π Enhancements, deps, and fix across a mixed release.
Full changelog
[!CAUTION]
In older firmware, generated public/private keys may have insufficient entropy, resulting in the possibility of key reuse across devices. This release delays key generation until the user sets a LoRa region, and also mixes in additional sources of randomness. Additionally, if one of the known key collisions are detected, the user is notified, and should regenerate keys as soon as possible.
π Enhancements
- Add --1200bps-reset param to device-install/update scripts by @ThatKalle in https://github.com/meshtastic/firmware/pull/6752
- Generate keys when Lora Region is set by @jp-bennett in https://github.com/meshtastic/firmware/pull/6951
- Seeed_xiao_nrf52840_kit improvements by @ndoo in https://github.com/meshtastic/firmware/pull/6930
- Add InkHUD driver for WeAct Studio 2.9" display module by @todd-herbert in https://github.com/meshtastic/firmware/pull/6963
- [Variant] nomadstar meteor pro by @CypressXt in https://github.com/meshtastic/firmware/pull/6742
π Bug fixes and maintenance
- fix: Respect LED_STATE_ON for power and user LED by @ndoo in https://github.com/meshtastic/firmware/pull/6976
- Chore(deps): update platformio/espressif32 to v6.11.0 by @renovate in https://github.com/meshtastic/firmware/pull/6900
- Update Alpine to 3.22 by @vidplace7 in https://github.com/meshtastic/firmware/pull/6927
- Clean up install & update shell scripts by @roens in https://github.com/meshtastic/firmware/pull/6839
- Addition of Device Role inside of userPrefs.jsonc by @Crank-Git in https://github.com/meshtastic/firmware/pull/6972
- Chore(deps): update platformio/ststm32 to v19.2.0 by @renovate in https://github.com/meshtastic/firmware/pull/6901
- Chore(deps): update meshtastic/device-ui digest to 2fd19f8 by @renovate in https://github.com/meshtastic/firmware/pull/6982
- Add note to hydra to note that the button pin has no pull-up by @NomDeTom in https://github.com/meshtastic/firmware/pull/6979
- Chore(deps): update meshtastic/device-ui digest to 1b520fc by @renovate in https://github.com/meshtastic/firmware/pull/6991
- Update heltec t114 URL by @dieseltravis in https://github.com/meshtastic/firmware/pull/7004
- Update URL for ThinkNode M1 by @dieseltravis in https://github.com/meshtastic/firmware/pull/7005
- Improve support for Heltec Wireless Bridge by @berlincount in https://github.com/meshtastic/firmware/pull/6647
- Warn users about low entropy keys by @jp-bennett in https://github.com/meshtastic/firmware/pull/7003
- T-watch screen misalignment fix by @HarukiToreda in https://github.com/meshtastic/firmware/pull/6996
- Fix for T-Deck Plus: disable touch IRQ / enable custom touch driver by @mverch67 in https://github.com/meshtastic/firmware/pull/6988
- Create lora-piggystick-lr1121.yaml by @markbirss in https://github.com/meshtastic/firmware/pull/7010
New Contributors
- @roens made their first contribution in https://github.com/meshtastic/firmware/pull/6839
- @Crank-Git made their first contribution in https://github.com/meshtastic/firmware/pull/6972
- @dieseltravis made their first contribution in https://github.com/meshtastic/firmware/pull/7004
- @berlincount made their first contribution in https://github.com/meshtastic/firmware/pull/6647
Full Changelog: https://github.com/meshtastic/firmware/compare/v2.6.10.9ce4455...v2.6.11.60ec05e
Security Fixes
- Delays key generation until LoRa region is set and adds extra randomness; notifies users of detected lowβentropy or colliding keys.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About meshtastic/firmware
All releases βBeta — feedback welcome: [email protected]